TechSpot

My other computer is infected with the system check virus

By signofzeta
Feb 26, 2012
  1. I can't download any files for my desktop computer, and my laptop computer is in a cleaning process right now, so I can't do the preliminary steps with malwarebytes, GMER and DDS.

    If I want to use a thumbdrive to get malwarebytes, GMER and DDS into my really infected machine from my less infected machine, does the infection spread into my thumbdrive and thus infect the cleaner machine?

    What should I do?
     
  2. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Wait until your laptop is clean.
     
  3. signofzeta

    signofzeta TS Rookie Topic Starter Posts: 106

    I might be able to get Malwarebytes, GMER, and DDS from the school computers, and save them onto the thumb drive, as a temporary means before the laptop is clean, so give me instructions on how to run these programs on the infected desktop PC, because as I observed, I couldn't run any programs on my infected machine, so there must be a way to run those 3 programs differently. I don't think I could access the thumb drive even if I wanted to.

    Of course, the cleanup procedure wouldn't be as fast, as I can only bring in a few of the programs that you would probably tell me to run, from school, I mean, download the programs from the school computer and save them to my 512MB thumbdrive, in which I hope that the downloads aren't that huge. It also means that I would probably be sending in a response once a day until my laptop is clean.
     
  4. signofzeta

    signofzeta TS Rookie Topic Starter Posts: 106

    I now have malwarebytes installer, GMER and DDS on a thumbdrive, downloaded from a clean computer. How do I run these programs, knowing that the System Check Virus won't allow me to run them?
     
  5. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    See if you can run any of them from safe mode.
     
  6. signofzeta

    signofzeta TS Rookie Topic Starter Posts: 106

    In safe mode, the desktop shortcuts and everything in the start menu is missing, other than logoff and shutdown. When I ctrl alt del, the task manager is greyed out. Because of that, I don't think I can access anything in my hard drive, thumb drive, or any other drive.

    What should I do?
     
  7. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Let's see if we can look at your computer by booting from an external source.

    Please download OTLPE (filesize 120,9 MB)

    • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
    • Reboot your system using the boot CD you just created.
      • Note : If you do not know how to set your computer to boot from CD follow the steps here
    • Your system should now display a REATOGO-X-PE desktop.
    • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
    • Double-click on the OTLPE icon.
    • When asked Do you wish to load the remote registry, select Yes
    • When asked Do you wish to load remote user profile(s) for scanning, select Yes
    • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
    • OTL should now start.
    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\OTL.txt
    • Copy this file to your USB drive if you do not have internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.
     
  8. signofzeta

    signofzeta TS Rookie Topic Starter Posts: 106

    Ok, I managed to run Malwarebytes, GMER and DDS so I will post those. What I did was change the start menu to the classic view, and it at least gave me access to the thumb drive, so we'll just continue from there.
     
  9. signofzeta

    signofzeta TS Rookie Topic Starter Posts: 106

    Malwarebytes

    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.02.28.01

    Windows XP Service Pack 2 x86 FAT32 (Safe Mode/Networking)
    Internet Explorer 6.0.2900.2180
    Albert :: HP-DOWNSTAIRS [administrator]

    27/02/2012 8:03:58 PM
    mbam-log-2012-02-27 (20-03-58).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 307674
    Time elapsed: 6 minute(s), 8 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 1
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBAF53D4-11FE-482D-B516-B3103BC71F87} (Trojan.BHO) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 9
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
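
Added example, not part of the original thread and not Malwarebytes code: a small Python parser for the "Registry Data Items" lines of the log above, listing which policy values were changed and which to re-read after a reboot. Sample lines are copied from that log except the one marked constructed; the function names and the `NOTES` annotations are assumptions of this example.

```python
import re
from collections import defaultdict

# Lines in the format of the Malwarebytes 1.60 log above. The first is a
# "Registry Keys" line (no "|value" part) and must NOT be parsed as a data
# item. The HKCU DisableTaskMgr line is CONSTRUCTED: its action text was
# changed to "No action taken." to exercise the follow-up path.
SAMPLE_LOG = r"""
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBAF53D4-11FE-482D-B516-B3103BC71F87} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
Files Detected: 0
(No malicious items detected)
"""

# key|value (detection) -> Bad: (x) Good: (y) -> action.
# [^|\n] keeps a key-only line from swallowing the following line.
PUM_LINE = re.compile(
    r"^[ \t]*(?P<hive>HK[A-Z]+)\\(?P<key>[^|\n]+)\|(?P<value>\S+)"
    r" \((?P<detection>[^)\n]+)\)"
    r" -> Bad: \((?P<bad>[^)\n]*)\) Good: \((?P<good>[^)\n]*)\)"
    r" -> (?P<action>.+?)\.?[ \t]*$",
    re.MULTILINE,
)

# Annotations added for this example: the user-visible effect of each
# detection name that appears in the log above.
NOTES = {
    "PUM.Hijack.TaskManager": "Task Manager disabled",
    "PUM.Hidden.Desktop": "desktop icons hidden",
    "PUM.Hijack.StartMenu": "Start menu entries hidden",
}


def parse_pum_lines(log_text):
    """Return one dict per registry-data detection line in log_text."""
    return [m.groupdict() for m in PUM_LINE.finditer(log_text)]


def summarize(records):
    """Map detection name -> list of 'HIVE\\key|value' strings."""
    groups = defaultdict(list)
    for r in records:
        groups[r["detection"]].append("{hive}\\{key}|{value}".format(**r))
    return dict(groups)


def needs_follow_up(records):
    """Records whose action text does not report success."""
    return [r for r in records if "successfully" not in r["action"]]


def recheck_list(records):
    """(hive, key, value, expected) tuples to re-read after a reboot.

    A value that has returned to its 'bad' setting means something on the
    machine is still re-applying it.
    """
    return sorted({(r["hive"], r["key"], r["value"], r["good"]) for r in records})


if __name__ == "__main__":
    recs = parse_pum_lines(SAMPLE_LOG)
    for name, values in summarize(recs).items():
        print(name, "-", NOTES.get(name, "no note"))
        for v in values:
            print("   ", v)
    for r in needs_follow_up(recs):
        print("not repaired:", r["hive"], r["value"], "->", r["action"])
    for hive, key, value, expected in recheck_list(recs):
        print("expect", hive + "\\" + key, value, "=", expected)
```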
     
  10. signofzeta

    signofzeta TS Rookie Topic Starter Posts: 106

    GMER

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-02-27 20:17:52
    Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5 WDC_WD3200JS-60PDB0 rev.21.00M21
    Running: ws0k4td3.exe; Driver: C:\DOCUME~1\Albert\LOCALS~1\Temp\pwdyikog.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)

    ---- EOF - GMER 1.0.15 ----
     
  11. signofzeta

    signofzeta TS Rookie Topic Starter Posts: 106

    DDS

    .
    DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
    Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_20
    Run by Albert at 20:18:11 on 2012-02-27
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1641 [GMT -6:00]
    .
    AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    FW: ZoneAlarm Firewall *Disabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=63&bd=PAVILION&pf=desktop
    uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=63&bd=PAVILION&pf=desktop
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=63&bd=PAVILION&pf=desktop
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=63&bd=PAVILION&pf=desktop
    uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=63&bd=PAVILION&pf=desktop
    mStart Page = hxxp://www.google.com
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=63&bd=PAVILION&pf=desktop
    uInternet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=4105
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet1.10\tools\BitCometBHO_1.3.3.2.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe
    mRun: [DMAScheduler] "c:\program files\hp digitalmedia archive\DMAScheduler.exe"
    mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
    mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPwuSchd2.exe
    mRun: [OpwareSE2] "c:\program files\scansoft\omnipagese2.0\OpwareSE2.exe"
    mRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [DISCover] c:\program files\disc\DISCover.exe nogui
    mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
    mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
    mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
    mRun: [KBD] c:\hp\kbd\KBD.EXE
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [niEJngRwieOhYh.exe] c:\documents and settings\all users\application data\niEJngRwieOhYh.exe
    mRunOnce: [Malwarebytes Anti-Malware] q:\anitvirus stuff\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\docume~1\albert\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
    IE: &D&ownload &with BitComet - c:\program files\bitcomet1.10\BitComet.exe/AddLink.htm
    IE: &D&ownload all video with BitComet - c:\program files\bitcomet1.10\BitComet.exe/AddVideo.htm
    IE: &D&ownload all with BitComet - c:\program files\bitcomet1.10\BitComet.exe/AddAllLink.htm
    IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
    IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
    IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
    IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
    IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
    IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet1.10\tools\BitCometBHO_1.3.3.2.dll/206
    IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    Trusted Zone: trymedia.com
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 10.0.1.1
    TCP: Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
    TCP: Interfaces\{93F73B16-8C5E-4EF5-B818-27602884AB72} : DhcpNameServer = 10.0.1.1
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\albert\application data\mozilla\firefox\profiles\mcoaaum2.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
    FF - plugin: c:\documents and settings\all users\application data\id software\quakelive\npquakezero.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Download Manager Tweak: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB} - %profile%\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
    FF - Ext: Smart Bookmarks Bar: smartbookmarksbar@remy.juteau - %profile%\extensions\smartbookmarksbar@remy.juteau
    FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    .
    ============= SERVICES / DRIVERS ===============
    .
    R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
    S1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-11-17 11608]
    S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-11-17 8944]
    S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-11-17 55024]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-11-17 136360]
    S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-11-17 269480]
    S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-11-17 66616]
    S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\McrdSvc.exe [2005-10-20 96256]
    S2 MOUTRAP;MOUTRAP;c:\windows\system32\drivers\Moutrp2k.sys [2001-11-14 4868]
    S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2006-11-19 16512]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-11-17 7408]
    S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2006-10-9 392824]
    .
    =============== Created Last 30 ================
    .
    2012-02-28 01:55:07 -------- d-----w- c:\documents and settings\albert\application data\Malwarebytes
    2012-02-27 03:36:37 355328 ---ha-w- c:\documents and settings\all users\application data\fmmJS5ZgPi2Fmg.exe
    2012-02-27 03:34:00 450048 ---ha-w- c:\documents and settings\all users\application data\niEJngRwieOhYh.exe
    2012-02-24 08:28:48 6552120 ---ha-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{1d385171-7538-48ad-86aa-fa72dac24688}\mpengine.dll
    .
    ==================== Find3M ====================
    .
    2012-02-26 05:23:15 138784 ---ha-w- c:\windows\system32\drivers\PnkBstrK.sys
    2012-02-26 05:23:06 202008 ---ha-w- c:\windows\system32\PnkBstrB.exe
    2012-02-22 05:43:15 234576 ---ha-w- c:\windows\system32\PnkBstrB.xtr
    2012-01-29 11:10:42 237072 ---h--w- c:\windows\system32\MpSigStub.exe
    2012-01-01 10:18:46 414368 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-12-10 21:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2005-02-16 16:06:16 218112 ---ha-w- c:\program files\HijackThis.exe
    .
    ============= FINISH: 20:18:51.09 ===============
     
  12. signofzeta

    signofzeta TS Rookie Topic Starter Posts: 106

    Attach

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 23/09/2006 10:48:19 AM
    System Uptime: 27/02/2012 7:56:41 PM (1 hours ago)
    .
    Motherboard: ASUSTek Computer INC. | | NODUSM
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4600+ | Socket AM2 | 2405/199mhz
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4600+ | Socket AM2 | 2405/199mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 289 GiB total, 9.255 GiB free.
    D: is FIXED (FAT32) - 9 GiB total, 0.428 GiB free.
    E: is CDROM ()
    L: is Removable
    M: is Removable
    N: is Removable
    O: is Removable
    Q: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP541: 30/11/2011 2:56:44 AM - System Checkpoint
    RP542: 01/12/2011 3:56:43 AM - System Checkpoint
    RP543: 02/12/2011 4:30:01 AM - Software Distribution Service 3.0
    RP544: 03/12/2011 4:56:49 AM - System Checkpoint
    RP545: 04/12/2011 5:56:44 AM - System Checkpoint
    RP546: 05/12/2011 6:56:43 AM - System Checkpoint
    RP547: 06/12/2011 1:56:53 AM - Software Distribution Service 3.0
    RP548: 07/12/2011 2:23:13 AM - System Checkpoint
    RP549: 08/12/2011 1:56:50 AM - Software Distribution Service 3.0
    RP550: 09/12/2011 1:57:02 AM - Software Distribution Service 3.0
    RP551: 10/12/2011 2:56:46 AM - System Checkpoint
    RP552: 11/12/2011 3:56:45 AM - System Checkpoint
    RP553: 12/12/2011 4:56:45 AM - System Checkpoint
    RP554: 13/12/2011 1:01:51 AM - Installed Skeleton Key
    RP555: 13/12/2011 2:00:47 AM - Software Distribution Service 3.0
    RP556: 14/12/2011 2:08:13 AM - System Checkpoint
    RP557: 14/12/2011 3:00:16 AM - Software Distribution Service 3.0
    RP558: 15/12/2011 3:27:51 AM - System Checkpoint
    RP559: 16/12/2011 1:34:45 AM - Software Distribution Service 3.0
    RP560: 17/12/2011 2:29:55 AM - System Checkpoint
    RP561: 18/12/2011 3:25:49 AM - System Checkpoint
    RP562: 19/12/2011 3:28:56 AM - System Checkpoint
    RP563: 20/12/2011 1:34:50 AM - Software Distribution Service 3.0
    RP564: 21/12/2011 2:26:16 AM - System Checkpoint
    RP565: 22/12/2011 3:26:19 AM - System Checkpoint
    RP566: 23/12/2011 1:34:56 AM - Software Distribution Service 3.0
    RP567: 24/12/2011 2:26:36 AM - System Checkpoint
    RP568: 25/12/2011 3:10:30 AM - System Checkpoint
    RP569: 26/12/2011 3:27:42 AM - System Checkpoint
    RP570: 27/12/2011 1:34:47 AM - Software Distribution Service 3.0
    RP571: 01/01/2012 12:41:05 AM - Software Distribution Service 3.0
    RP572: 02/01/2012 1:33:05 AM - System Checkpoint
    RP573: 03/01/2012 1:34:50 AM - Software Distribution Service 3.0
    RP574: 04/01/2012 1:50:55 AM - System Checkpoint
    RP575: 05/01/2012 2:33:05 AM - System Checkpoint
    RP576: 06/01/2012 12:43:01 AM - Software Distribution Service 3.0
    RP577: 07/01/2012 1:58:24 AM - System Checkpoint
    RP578: 08/01/2012 2:16:31 AM - System Checkpoint
    RP579: 09/01/2012 2:18:44 AM - System Checkpoint
    RP580: 10/01/2012 1:31:58 AM - Software Distribution Service 3.0
    RP581: 11/01/2012 2:18:06 AM - System Checkpoint
    RP582: 11/01/2012 3:00:17 AM - Software Distribution Service 3.0
    RP583: 12/01/2012 3:27:51 AM - System Checkpoint
    RP584: 13/01/2012 2:28:16 AM - Software Distribution Service 3.0
    RP585: 14/01/2012 3:26:13 AM - System Checkpoint
    RP586: 15/01/2012 3:28:43 AM - System Checkpoint
    RP587: 16/01/2012 4:28:28 AM - System Checkpoint
    RP588: 17/01/2012 12:29:15 AM - Software Distribution Service 3.0
    RP589: 18/01/2012 2:23:45 AM - System Checkpoint
    RP590: 19/01/2012 2:27:29 AM - System Checkpoint
    RP591: 20/01/2012 2:27:56 AM - Software Distribution Service 3.0
    RP592: 21/01/2012 3:27:50 AM - System Checkpoint
    RP593: 22/01/2012 3:28:23 AM - System Checkpoint
    RP594: 23/01/2012 4:27:55 AM - System Checkpoint
    RP595: 24/01/2012 2:27:47 AM - Software Distribution Service 3.0
    RP596: 25/01/2012 2:50:53 AM - System Checkpoint
    RP597: 26/01/2012 3:27:56 AM - System Checkpoint
    RP598: 27/01/2012 2:27:47 AM - Software Distribution Service 3.0
    RP599: 28/01/2012 2:27:57 AM - System Checkpoint
    RP600: 29/01/2012 3:27:57 AM - System Checkpoint
    RP601: 30/01/2012 4:27:57 AM - System Checkpoint
    RP602: 31/01/2012 2:27:47 AM - Software Distribution Service 3.0
    RP603: 01/02/2012 2:28:03 AM - System Checkpoint
    RP604: 02/02/2012 3:27:58 AM - System Checkpoint
    RP605: 03/02/2012 2:27:47 AM - Software Distribution Service 3.0
    RP606: 04/02/2012 2:28:00 AM - System Checkpoint
    RP607: 05/02/2012 3:27:59 AM - System Checkpoint
    RP608: 06/02/2012 4:28:00 AM - System Checkpoint
    RP609: 07/02/2012 2:27:50 AM - Software Distribution Service 3.0
    RP610: 07/02/2012 3:00:18 AM - Software Distribution Service 3.0
    RP611: 08/02/2012 2:27:54 AM - Software Distribution Service 3.0
    RP612: 09/02/2012 2:28:05 AM - System Checkpoint
    RP613: 10/02/2012 2:27:46 AM - Software Distribution Service 3.0
    RP614: 11/02/2012 2:28:03 AM - System Checkpoint
    RP615: 12/02/2012 3:28:06 AM - System Checkpoint
    RP616: 13/02/2012 4:28:06 AM - System Checkpoint
    RP617: 14/02/2012 2:27:55 AM - Software Distribution Service 3.0
    RP618: 15/02/2012 2:28:04 AM - System Checkpoint
    RP619: 15/02/2012 3:00:18 AM - Software Distribution Service 3.0
    RP620: 16/02/2012 3:00:21 AM - Software Distribution Service 3.0
    RP621: 17/02/2012 2:27:44 AM - Software Distribution Service 3.0
    RP622: 18/02/2012 2:28:20 AM - System Checkpoint
    RP623: 19/02/2012 2:58:05 AM - System Checkpoint
    RP624: 20/02/2012 3:28:04 AM - System Checkpoint
    RP625: 21/02/2012 12:35:23 AM - Software Distribution Service 3.0
    RP626: 22/02/2012 5:58:01 AM - System Checkpoint
    RP627: 23/02/2012 6:28:08 AM - System Checkpoint
    RP628: 24/02/2012 2:28:34 AM - Software Distribution Service 3.0
    RP629: 25/02/2012 5:13:13 AM - System Checkpoint
    RP630: 26/02/2012 5:28:04 AM - System Checkpoint
    RP631: 27/02/2012 5:49:57 AM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    A Simple Unit Converter 0.9.9.0
    Ad-Aware SE Personal
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.3.4
    Adobe Reader Chinese Traditional Fonts
    Adobe Shockwave Player 11
    Advanced Batch Converter
    AGEIA PhysX v7.05.17
    AiO_Scan
    AiO_Scan_CDA
    AiOSoftware
    AiOSoftwareNPI
    Alien Outbreak 2
    Ancient Sudoku
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft PhotoStudio 5.5
    Audacity 1.2.6
    AutoUpdate
    Avira AntiVir Personal - Free Antivirus
    Baldur's Gate & Tales of the Sword Coast
    Baldur's Gate(TM) II - Throne of Bhaal (TM)
    Battle.net
    Battlefield 1942
    Battlefield Heroes
    Battlefield Vietnam(TM)
    Bejeweled 2 Deluxe
    Big Kahuna Reef
    BitComet 1.10
    Blackhawk Striker 2
    Blasterball 2 Remix
    Blasterball 2 Revolution
    Bonjour
    Bookworm Deluxe
    Bounce Symphony
    BufferChm
    CameraDrivers
    CameraUserGuides
    Canon MP Navigator 2.0
    Canon MP170
    Canon Utilities Easy-PhotoPrint
    CCScore
    CDBurnerXP
    Chuzzle Deluxe
    Citrix XenApp Web Plugin
    Commando
    Compact Wireless-G USB Adapter
    Compatibility Pack for the 2007 Office system
    CP_AtenaShokunin1Config
    CP_CalendarTemplates1
    cp_LightScribeConfig
    cp_OnlineProjectsConfig
    CP_Package_Basic1
    CP_Package_Variety1
    CP_Package_Variety2
    CP_Package_Variety3
    CP_Panorama1Config
    cp_PosterPrintConfig
    cp_UpdateProjectsConfig
    Critical Update for Windows Media Player 11 (KB959772)
    CueTour
    Customer Experience Enhancement
    Data Fax SoftModem with SmartCP
    Destinations
    DeviceManagementQFolder
    Diner Dash
    Dissolution of Eternity
    DivX Codec
    DivX Content Uploader
    DivX Converter
    DivX Player
    DivX Web Player
    DocProc
    DocumentViewer
    Doom 3
    DOOM 3 Demo
    DOOM 3: Resurrection of Evil
    Doom Builder
    DVD Decrypter (Remove Only)
    DVD Shrink 3.2
    Easy-WebPrint
    Easy Internet Sign-up
    EAX(tm) Unified (SHELL)
    Enemy Territory - Quake Wars(TM)
    Enemy Territory - QUAKE Wars(TM) 1.1 Patch
    Enemy Territory - QUAKE Wars(TM) 1.1 Patch
    Enemy Territory - QUAKE Wars(TM) Beta 1.1 Patch
    Enemy Territory - QUAKE Wars(TM) Beta 2 1.1 Patch
    Enemy Territory - QUAKE Wars(TM) SDK 1.4
    Enhanced Multimedia Keyboard Solution
    ESSCDBK
    ESScore
    ESSgui
    ESSini
    ESSPCD
    ESSSONIC
    ESSTOOLS
    essvatgt
    Everest Poker (Remove Only)
    Fairies
    Fallout
    Fallout 2 Unofficial Patch 1.02.25
    Fallout2
    Family Feud
    FATE
    Fax
    Fax_CDA
    FINAL FANTASY VIII
    Flip Words
    FO2 Expansion Pack 1.2
    FreeRIP v3.091
    Full Tilt Poker
    GemMaster Mystic
    GtkRadiant-1.3.8-ET
    Hexen II
    Hexen II Mission Pack
    High Definition Audio Driver Package - KB888111
    HijackThis 1.99.1
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows Media Player 10 (KB910393)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB888795)
    Hotfix for Windows XP (KB891593)
    Hotfix for Windows XP (KB893357)
    Hotfix for Windows XP (KB895961)
    Hotfix for Windows XP (KB899337)
    Hotfix for Windows XP (KB899510)
    Hotfix for Windows XP (KB902841)
    Hotfix for Windows XP (KB906569)
    Hotfix for Windows XP (KB912024)
    Hotfix for Windows XP (KB926239)
    Hotfix for Windows XP (KB935448)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Boot Optimizer
    HP Deskjet Printer Preload
    HP DigitalMedia Archive
    HP Document Viewer 6.1
    HP DVD Play 2.1
    HP Games 3.43.97
    HP Imaging Device Functions 7.0
    HP Photosmart 330,380,420,470,7800,8000,8200 Series
    HP Photosmart Cameras 6.0
    HP Photosmart for Media Center PC
    HP Photosmart Premier Software 6.5
    HP PSC & OfficeJet 5.3.B
    HP PSC & OfficeJet 6.1.A
    HP Rhapsody
    HP Software Update
    HP Solution Center and Imaging Support Tools 6.1
    HP Web Helper
    hpiCamDrvQFolder
    HPPhotoSmartExpress
    HPProductAssistant
    HpSdpAppCoreApp
    HyperCam 2
    Icewind Dale
    Icewind Dale - Heart of Winter
    Icewind Dale II
    Insaniquarium Deluxe
    InstantShareDevices
    IrfanView (remove only)
    iTunes
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 5
    J2SE Runtime Environment 5.0 Update 9
    Java Auto Updater
    Java DB 10.4.1.3
    Java(TM) 6 Update 20
    Java(TM) 6 Update 3
    Java(TM) SE Development Kit 6 Update 13
    Jewel Quest
    JMP Student Edition
    Junk Mail filter update
    kgcbaby
    kgcbase
    kgchday
    kgchlwn
    kgcinvt
    kgckids
    kgcmove
    kgcvday
    Kodak EasyShare software
    KSU
    LAME v3.98.2 for Audacity
    LightScribe 1.4.84.1
    linksadoor 1.29
    Magic Set Editor 2 - 0.3.8 beta
    Mah Jong Quest
    Malwarebytes Anti-Malware version 1.60.1.1000
    Media Center Extender
    Microsoft .NET Framework 1.0 Hotfix (KB887998)
    Microsoft .NET Framework 1.0 Hotfix (KB930494)
    Microsoft .NET Framework 1.0 Hotfix (KB953295)
    Microsoft .NET Framework 1.0 Hotfix (KB979904)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Away Mode
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft Money 2006
    Microsoft Office 2000 Professional
    Microsoft Platform SDK (3790.1830)
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    Morrowind
    Mozilla Firefox (3.6.27)
    MSN
    MSVCRT
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 6 Service Pack 2 (KB973686)
    muvee autoProducer 5.0
    muvee autoProducer unPlugged 2.0
    Mystery Case Files
    netbrdg
    NewCopy
    NewCopy_CDA
    Notifier
    NVIDIA Drivers
    OfotoXMI
    Omni-Bot 0.72 STABLE
    OmniPage SE 2.0
    OpenOffice.org 3.1
    OptionalContentQFolder
    Otto
    PanoStandAlone
    PC-Doctor 5 for Windows
    PCDADDIN
    PCDHELP
    PhotoGallery
    Physics Quizzes
    Planescape - Torment
    Poker Superstars
    Polar Bowler
    Polar Golfer
    PowerISO
    Project64 1.6
    PSPrinters08
    PSTAPlugin
    PunkBuster Services
    Python 2.2 pywin32 extensions (build 203)
    Python 2.2.3
    Qtracker
    Quake III Team Arena
    Quake 4(TM)
    Quake II
    Quake II MP: Ground Zero
    Quake II MP: The Reckoning
    Quake III Arena
    Quake III Arena Point Release 1.32
    Quake Live Mozilla Plugin
    Quicken 2006
    QuickTime
    RandMap
    Readme
    RealPlayer
    Realtek High Definition Audio Driver
    Return to Castle Wolfenstein - Game of The Year Edition
    Return to Castle Wolfenstein DEMO
    Ricochet Lost Worlds
    Scan
    ScannerCopy
    Scourge of Armagon
    SCRABBLE
    SecureW2 Client 3.1.2
    Security Update for CAPICOM (KB931906)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899589)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922760)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925454)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928090)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB929969)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931768)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933566)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB937143)
    Security Update for Windows XP (KB937894)
    Security Update for Windows XP (KB938127)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB939653)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941644)
    Security Update for Windows XP (KB941693)
    Security Update for Windows XP (KB942615)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944338)
    Security Update for Windows XP (KB944533)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB945553)
    Security Update for Windows XP (KB946026)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB947864)
    Security Update for Windows XP (KB948590)
    Security Update for Windows XP (KB948881)
    Security Update for Windows XP (KB950749)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958470)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969897)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971032)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974455)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB976325)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB981350)
    Security Update for Windows XP (KB982381)
    Segoe UI
    SFR
    SHASTA
    ShowInfo
    Skeleton Key
    SKIN0001
    SkinsHP1
    SKINXSDK
    Skulltag
    Skype™ 3.8
    SlideShow
    SlideShowMusic
    Slingo Deluxe
    Snowy The Bears Adventure
    SolutionCenter
    Sonic Express Labeler
    Sonic MyDVD Plus
    Sonic RecordNow Audio
    Sonic RecordNow Copy
    Sonic RecordNow Data
    Sonic Update Manager
    Sonic_PrimoSDK
    SopCast 3.0.3
    Spear of Destiny
    Starcraft
    staticcr
    Status
    Steam
    Super Granny
    SUPERAntiSpyware Free Edition
    Tennis Titans
    TextPad 4.7
    Toolbox
    tooltips
    Tornado Jockey
    Tradewinds
    TrayApp
    TVUPlayer 2.2.1.30 Beta
    Unload
    Unlocker 1.8.5
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Media Player 10 (KB913800)
    Update for Windows Media Player 10 (KB926251)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB912945)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB925720)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB929338)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB932823-v3)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB942840)
    Update for Windows XP (KB946627)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB953356)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB976749)
    Update for Windows XP (KB978207)
    Update for Windows XP (KB980182)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    Updates from HP (remove only)
    VDMSound
    VDMSound 2.0.4
    VideoLAN VLC media player 0.8.6b
    VPRINTOL
    Warcraft II BNE
    WebFldrs XP
    WebReg
    WildTangent Web Driver
    Winamp (remove only)
    Windows Defender
    Windows Genuine Advantage Notifications (KB905474)
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player Firefox Plugin
    Windows Presentation Foundation
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB883667
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB885884
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB892050
    Windows XP Hotfix - KB893066
    Windows XP Media Center Edition 2005 KB2502898
    Windows XP Media Center Edition 2005 KB2619340
    Windows XP Media Center Edition 2005 KB2628259
    Windows XP Media Center Edition 2005 KB905589
    Windows XP Media Center Edition 2005 KB908246
    Windows XP Media Center Edition 2005 KB925766
    Windows XP Media Center Edition 2005 KB973768
    WinRAR archiver
    WIRELESS
    Wolfenstein
    Wolfenstein - Enemy Territory
    Wolfenstein - Enemy Territory Map Test
    Wolfenstein 3D
    Wolfenstein(TM) 1.2 Patch
    Wolfenstein(TM) 1.2 Patch
    Xfire (remove only)
    XML Paper Specification Shared Components Pack 1.0
    YDKJ The 5th Dementia
    You Don't Know Jack - Sports 1.0
    You Don't Know Jack - Volume 2 1.0
    You Don't Know Jack - XL 1.0
    You Don't Know Jack 4 1.00
    You Don't Know Jack 6 - The Lost Gold
    YOU DON'T KNOW JACK Movies
    YOU DON'T KNOW JACK® 2
    YOU DON'T KNOW JACK® 3 - Abwärts!
    .
    ==== Event Viewer Messages From Past Week ========
    .
    27/02/2012 7:58:42 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK8 avgio avipbb Fips SASDIFSV SASKUTIL SCDEmu sptd ssmdrv
    27/02/2012 7:52:00 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    27/02/2012 7:39:48 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    27/02/2012 7:38:51 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 avgio avipbb Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL SCDEmu sptd ssmdrv Tcpip
    27/02/2012 7:38:51 PM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: Access is denied.
    27/02/2012 7:38:51 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    27/02/2012 7:38:51 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    27/02/2012 7:38:51 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    27/02/2012 7:38:51 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    27/02/2012 7:38:51 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    27/02/2012 7:38:51 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    27/02/2012 7:37:55 PM, error: sptd [4] - Driver detected an internal error in its data structures for .
    27/02/2012 7:37:47 PM, error: SRService [104] - The System Restore initialization process failed.
    24/02/2012 9:05:13 PM, error: atapi [5] - A parity error was detected on \Device\Ide\IdePort2.
    20/02/2012 1:06:47 AM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk0\D.
    .
    ==== End Of File ===========================
     
  13. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ==================================================================

    Download Bootkit Remover to your Desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  14. signofzeta

    signofzeta TS Rookie Topic Starter Posts: 106

    Oh another thing, can a virus spread into a thumbdrive, because I sort of ran the 3 programs from the thumbdrive into my infected desktop, then attached the thumbdrive onto my laptop so I can copy and paste the results here.

    So far no symptoms have happened yet on my laptop, other than the "can't start security center" problem.
     
  15. Broni

    Broni Malware Annihilator Posts: 52,911   +344

  16. signofzeta

    signofzeta TS Rookie Topic Starter Posts: 106

    I currently have MBR.dat on a thumbdrive, and I assume it needs to be on the infected computer itself. I removed the thumbdrive, and the computer restarted itself, which kind of shows that that file needs to be in the hard drive of the infected computer.

    I managed to make a copy of it and put it on the desktop, but I don't know if it is going to make my machine reboot. I'm removing thumb drive now.

    Ok, computer restarted, but I had no choice, since I ran aswMBR through the thumb drive.
     
  17. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    I don't need MBR.dat for now. I need aswMBR scan log.
     
  18. signofzeta

    signofzeta TS Rookie Topic Starter Posts: 106

    aswMBR

    aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
    Run date: 2012-02-27 20:47:26
    -----------------------------
    20:47:26.984 OS Version: Windows 5.1.2600 Service Pack 2
    20:47:26.984 Number of processors: 2 586 0x4B02
    20:47:26.984 ComputerName: HP-DOWNSTAIRS UserName: Albert
    20:47:27.687 Initialize success
    20:48:54.968 AVAST engine defs: 12022701
    20:50:15.531 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5
    20:50:15.546 Disk 0 Vendor: WDC_WD3200JS-60PDB0 21.00M21 Size: 305245MB BusType: 3
    20:50:15.562 Disk 0 MBR read successfully
    20:50:15.578 Disk 0 MBR scan
    20:50:15.593 Disk 0 unknown MBR code
    20:50:15.609 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 296220 MB offset 63
    20:50:15.640 Disk 0 Partition 2 00 0C FAT32 LBA RECOVERY 9014 MB offset 606674880
    20:50:15.656 Disk 0 scanning sectors +625136400
    20:50:15.734 Disk 0 scanning C:\WINDOWS\system32\drivers
    20:50:24.078 Service scanning
    20:50:43.562 Modules scanning
    20:50:49.562 Disk 0 trace - called modules:
    20:50:49.593 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    20:50:49.625 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a693ab8]
    20:50:49.781 3 CLASSPNP.SYS[f765805b] -> nt!IofCallDriver -> \Device\0000007f[0x8a70e708]
    20:50:49.953 5 ACPI.sys[f74a3620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-5[0x8a5ebd98]
    20:50:50.718 AVAST engine scan C:\WINDOWS
    20:51:11.359 AVAST engine scan C:\WINDOWS\system32
    20:54:34.093 AVAST engine scan C:\WINDOWS\system32\drivers
    20:54:50.046 AVAST engine scan C:\Documents and Settings\Albert
    20:56:27.531 File: C:\Documents and Settings\Albert\Local Settings\temp\mor.exe **INFECTED** Win32:Spyware-gen [Spy]
    21:00:34.671 AVAST engine scan C:\Documents and Settings\All Users
    21:00:48.718 File: C:\Documents and Settings\All Users\Application Data\fmmJS5ZgPi2Fmg.exe **INFECTED** Win32:FakeAlert-CCD [Trj]
    21:01:33.109 File: C:\Documents and Settings\All Users\Application Data\niEJngRwieOhYh.exe **INFECTED** Win32:FakeAlert-CCD [Trj]
    21:02:56.078 Scan finished successfully
    21:11:52.609 Disk 0 MBR has been saved successfully to "Q:\anitvirus stuff\MBR.dat"
    21:11:52.640 The log file has been saved successfully to "Q:\anitvirus stuff\aswMBR.txt"
     
  19. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Good.
    Go on....
     
  20. signofzeta

    signofzeta TS Rookie Topic Starter Posts: 106

    bootkit

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows XP Professional Service Pack 2 (build 2600)

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
    Boot sector MD5 is: 53b87386f68c4cb2306da5ba771dbe8b

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 Unknown boot code

    Unknown boot code has been found on some of your physical disks.
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>


    Done;
    Press any key to quit...
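
Both aswMBR and Bootkit Remover above report on the 512-byte master boot sector ("unknown MBR code", "Unknown boot code"). As an added example (not part of the thread and not either tool's code), this Python script decodes the partition table of such a dump and checks the sector for basic anomalies. The sample sector is constructed to mirror the two partition lines in the aswMBR log; its sector counts, its boot-code bytes, and the caller-supplied `known_good_sha256` set are assumptions.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # boot code occupies bytes 0..439
TABLE_OFFSET = 446       # four 16-byte partition entries start here
TYPE_NAMES = {0x05: "Extended", 0x07: "HPFS/NTFS", 0x0B: "FAT32",
              0x0C: "FAT32 LBA", 0x0F: "Extended LBA", 0xEE: "GPT protective"}


def parse_mbr(sector):
    """Decode the partition table and hash the boot code of a 512-byte MBR dump."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected %d bytes, got %d" % (SECTOR_SIZE, len(sector)))
    partitions = []
    for index in range(4):
        start = TABLE_OFFSET + 16 * index
        # Entry layout: status, CHS start (3), type, CHS end (3), LBA start, sector count
        status, ptype, lba_start, sectors = struct.unpack(
            "<B3xB3xII", sector[start:start + 16])
        if ptype == 0x00:            # unused slot
            continue
        partitions.append({
            "index": index + 1,
            "status": status,
            "active": status == 0x80,
            "type": ptype,
            "type_name": TYPE_NAMES.get(ptype, "unknown"),
            "lba_start": lba_start,
            "sectors": sectors,
            "size_mb": sectors * SECTOR_SIZE // (1024 * 1024),
        })
    return {
        "signature_ok": sector[510:512] == b"\x55\xaa",
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def audit_mbr(mbr, known_good_sha256=frozenset()):
    """Return a list of findings for a parsed MBR; an empty list means no anomaly."""
    findings = []
    parts = mbr["partitions"]
    if not mbr["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append("partition %d: invalid status byte 0x%02x"
                            % (p["index"], p["status"]))
    active = [p for p in parts if p["active"]]
    if len(active) > 1:
        findings.append("%d partitions marked active" % len(active))
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    for prev, cur in zip(ordered, ordered[1:]):
        if prev["lba_start"] + prev["sectors"] > cur["lba_start"]:
            findings.append("partitions %d and %d overlap"
                            % (prev["index"], cur["index"]))
    # A hash outside the caller's allow-list is only "unknown", not proof of infection.
    if mbr["boot_code_sha256"] not in known_good_sha256:
        findings.append("boot code hash not in known-good set")
    return findings


# Constructed sample: status, type and start LBA follow the aswMBR log lines;
# the sector counts are chosen to give the logged sizes in MB.
SAMPLE_ENTRIES = [(0x80, 0x07, 63, 606658560), (0x00, 0x0C, 606674880, 18461520)]


def build_sample_mbr(entries=SAMPLE_ENTRIES):
    """Build a constructed 512-byte sector with placeholder boot code."""
    sector = bytearray(SECTOR_SIZE)
    placeholder = b"CONSTRUCTED-BOOT-CODE"      # not real boot code
    sector[:len(placeholder)] = placeholder
    for slot, (status, ptype, lba_start, count) in enumerate(entries):
        offset = TABLE_OFFSET + 16 * slot
        sector[offset:offset + 16] = struct.pack(
            "<B3sB3sII", status, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff",
            lba_start, count)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


if __name__ == "__main__":
    parsed = parse_mbr(build_sample_mbr())
    for p in parsed["partitions"]:
        print("Partition %d %02X %02X %s %d MB offset %d" % (
            p["index"], p["status"], p["type"], p["type_name"],
            p["size_mb"], p["lba_start"]))
    for finding in audit_mbr(parsed):
        print("finding:", finding)
```

To inspect a real dump, read the saved MBR.dat with `open(path, "rb").read()` and pass the bytes to `parse_mbr`.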
     
  21. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  22. signofzeta

    signofzeta TS Rookie Topic Starter Posts: 106

    Combofix

    ComboFix 12-02-27.02 - Albert 27/02/2012 22:01:22.3.2 - x86 NETWORK
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1611 [GMT -6:00]
    Running from: c:\documents and settings\Albert\Desktop\ComboFix.exe
    AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89A2F7C4-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89A307C4-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89A337C4-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89A357C4-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89A427C4-FFA4-0100-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89A457C4-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89A4C7C4-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89A4F7C4-FFA4-0100-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89A547C4-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89A567C4-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89A597C4-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89A5F6EC-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89A6D7C4-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89A767C4-FFA4-0100-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89A777C4-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89A7D7C4-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89A8C7C4-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89A917C4-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89A957C4-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89A9A7C4-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89A9C7C4-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89AA57C4-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89AAD7C4-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89AB27C4-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89ABF7C4-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89AC17C4-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89AC67C4-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89AC77C4-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89AD07C4-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89AD37C4-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89AD77C4-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89ADE7C4-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89AE07C4-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89AE77C4-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89AE87C4-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89AF07C4-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89AF47C4-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89B037C4-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89B047C4-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89B097C4-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89B0D7C4-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89B107C4-FFA4-0100-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89B1A7C4-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89B2B7C4-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89B367C4-FFA4-0100-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89B697C4-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89B927C4-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89BB57C4-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89BBD7C4-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89C71DA4-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89D11994-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89D75344-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89DDBC14-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89DE3344-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89DE8514-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89DE9C04-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89E11984-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89E149E4-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89E1A96C-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89E2FBD4-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89E3B30C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89E4BDDC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89E546DC-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89E6A6CC-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89E72DDC-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89E922EC-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89EA4314-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89ED754C-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89EEE7AC-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89F2B91C-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89F48324-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89F57DDC-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89F6241C-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89F74DDC-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89F7EC6C-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89F86C0C-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89F9B054-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89FBB614-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89FBF8FC-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89FFD684-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8A00E5FC-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8A023604-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8A05635C-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8A078344-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8A09C054-FFA4-0100-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8A0C8514-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8A1027C4-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8A1074CC-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8A19C654-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8A345DDC-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8A529054-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8A52B91C-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {BAB38540-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {BADB0D00-FFA4-00DE-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {BADB0D00-FFA4-00EF-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {FFDFF540-FFA4-00DE-0D24-347CA8A3377C}
    FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Administrator\WINDOWS
    c:\documents and settings\Albert\Desktop\System Check.lnk
    c:\documents and settings\Albert\Start Menu\Programs\System Check
    c:\documents and settings\Albert\Start Menu\Programs\System Check\System Check.lnk
    c:\documents and settings\Albert\Start Menu\Programs\System Check\Uninstall System Check.lnk
    c:\documents and settings\Albert\WINDOWS
    c:\documents and settings\All Users\Application Data\~fmmJS5ZgPi2Fmg
    c:\documents and settings\All Users\Application Data\~fmmJS5ZgPi2Fmgr
    c:\documents and settings\All Users\Application Data\fmmJS5ZgPi2Fmg
    c:\documents and settings\All Users\Application Data\fmmJS5ZgPi2Fmg.exe
    c:\documents and settings\All Users\Application Data\niEJngRwieOhYh.exe
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\Annie\WINDOWS
    c:\documents and settings\Default User\WINDOWS
    c:\documents and settings\Guest\WINDOWS
    c:\documents and settings\HP_Administrator\WINDOWS
    c:\documents and settings\MCX1\WINDOWS
    c:\windows\EventSystem.log
    c:\windows\HPCPCUninstaller-6.3.2.116-9972322.exe
    c:\windows\kb913800.exe
    c:\windows\system32\config\systemprofile\WINDOWS
    c:\windows\system32\GTGina.dll
    .
    c:\windows\system32\drivers\intelppm.sys . . . is missing!!
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-01-28 to 2012-02-28 )))))))))))))))))))))))))))))))
    .
    .
    2012-02-28 01:55 . 2012-02-28 01:55 -------- d-----w- c:\documents and settings\Albert\Application Data\Malwarebytes
    2012-02-24 08:28 . 2012-02-08 06:03 6552120 ---ha-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{1D385171-7538-48AD-86AA-FA72DAC24688}\mpengine.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-26 05:23 . 2009-07-20 05:22 138784 ---ha-w- c:\windows\system32\drivers\PnkBstrK.sys
    2012-02-26 05:23 . 2007-04-18 04:38 202008 ---ha-w- c:\windows\system32\PnkBstrB.exe
    2012-02-22 05:43 . 2009-06-24 17:31 234576 ---ha-w- c:\windows\system32\PnkBstrB.xtr
    2012-02-08 06:03 . 2008-11-16 23:26 6552120 ---ha-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2012-01-29 11:10 . 2009-10-02 19:41 237072 ---h--w- c:\windows\system32\MpSigStub.exe
    2012-01-01 10:18 . 2012-01-01 10:18 414368 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-12-10 21:24 . 2010-06-11 04:55 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2005-02-16 16:06 . 2006-10-29 02:53 218112 ---ha-w- c:\program files\HijackThis.exe
    2008-08-16 22:42 . 2008-08-16 22:42 13112 ---ha-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
    2008-08-16 22:42 . 2008-08-16 22:42 70456 ---ha-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
    2008-08-16 22:42 . 2008-08-16 22:42 91448 ---ha-w- c:\program files\mozilla firefox\plugins\confmgr.dll
    2008-08-16 22:42 . 2008-08-16 22:42 20800 ---ha-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
    2008-08-16 22:43 . 2008-08-16 22:43 206136 ---ha-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
    2008-08-16 22:42 . 2008-08-16 22:42 31032 ---ha-w- c:\program files\mozilla firefox\plugins\icafile.dll
    2008-08-16 22:42 . 2008-08-16 22:42 40248 ---ha-w- c:\program files\mozilla firefox\plugins\icalogon.dll
    2008-05-21 13:41 . 2008-05-21 13:41 479232 ---ha-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
    2008-05-21 13:41 . 2008-05-21 13:41 548864 ---ha-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
    2008-05-21 13:41 . 2008-05-21 13:41 626688 ---ha-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
    2008-06-05 18:58 . 2008-06-05 18:58 648504 ---ha-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
    2008-08-16 22:42 . 2008-08-16 22:42 23864 ---ha-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
    "RTHDCPL"="RTHDCPL.EXE" [2006-03-08 16010240]
    "AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-02-14 7557120]
    "nwiz"="nwiz.exe" [2006-02-14 1519616]
    "HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
    "DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 90112]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
    "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-12-16 49152]
    "OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
    "DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-09-14 157592]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-05-31 180269]
    "DISCover"="c:\program files\DISC\DISCover.exe" [2007-10-31 1095256]
    "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
    "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-04-09 200704]
    "KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
    .
    c:\documents and settings\MCX1\Start Menu\Programs\Startup\
    Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-5-31 27136]
    .
    c:\documents and settings\Albert\Start Menu\Programs\Startup\
    OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Extender Resource Monitor.lnk - c:\windows\ehome\RMSysTry.exe [2005-10-20 18432]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
    KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-2-13 16423]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
    .
    c:\documents and settings\Default User\Start Menu\Programs\Startup\
    Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-5-31 27136]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-18 21:41 352256 ---ha-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
    backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
    "c:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
    "c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
    "c:\\Program Files\\BitComet\\BitComet.exe"=
    "c:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
    "c:\\WINDOWS\\system32\\javaw.exe"=
    "c:\\WINDOWS\\system32\\java.exe"=
    "c:\\StubInstaller.exe"=
    "c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
    "c:\\QUAKE\\WINQUAKE.EXE"=
    "c:\\QUAKE\\GLQUAKE.EXE"=
    "c:\\Program Files\\Wolfenstein - Enemy Territory original no patch\\ET.exe"=
    "c:\\Program Files\\Wolfenstein - Enemy Territory Map Test\\ET.exe"=
    "c:\\Program Files\\Xfire\\Xfire.exe"=
    "c:\\Program Files\\Starcraft\\StarCraft.exe"=
    "c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
    "c:\\Hexen II\\h2.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\DISC\\DISCover.exe"=
    "c:\\Program Files\\DISC\\DiscStreamHub.exe"=
    "c:\\Program Files\\Return to Castle Wolfenstein - Game of The Year Edition\\WolfMP.exe"=
    "c:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
    "c:\\Program Files\\HP Rhapsody\\rhapsody.exe"=
    "c:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqw.exe"=
    "c:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqwded.exe"=
    "c:\\Program Files\\Wolfenstein - Enemy Territory\\ettv.exe"=
    "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
    "c:\\Program Files\\SopCast\\SopCast.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Qtracker\\qtracker.exe"=
    "c:\\WINDOWS\\system32\\dplaysvr.exe"=
    "c:\\Program Files\\Black Isle\\Baldur's Gate\\BGMain2.exe"=
    "c:\\Program Files\\BitComet1.10\\BitComet.exe"=
    "c:\\Hexen II\\H2mp.exe"=
    "c:\\Program Files\\Warcraft II BNE\\Warcraft II BNE.exe"=
    "c:\\Program Files\\DOSBox-0.73\\dosbox.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Valve\\Steam\\steamapps\\common\\wolfenstein 3d\\Wolf3d.bat"=
    "c:\\Hexen II\\GLH2.EXE"=
    "c:\\Program Files\\Black Isle\\Icewind Dale\\IDMain.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Valve\\Steam\\steamapps\\common\\doom 3 demo\\Doom3.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Activision\\Wolfenstein\\MP\\Wolf2MP.exe"=
    "c:\\Program Files\\Activision\\Wolfenstein\\MP\\Wolf2MPLite.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Quake2\\quake2.exe"=
    "c:\\Program Files\\Quake III Arena\\quake3.exe"=
    "c:\\Program Files\\Doom 3\\Doom3.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\id Software\\Quake 4\\Quake4.exe"=
    "c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
    "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
    "c:\\Program Files\\Skulltag\\skulltag.exe"=
    "c:\\Program Files\\Skulltag\\doomseeker.exe"=
    "c:\\Program Files\\Skulltag\\rcon_utility.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "14261:TCP"= 14261:TCP:BitComet 14261 TCP
    "14261:UDP"= 14261:UDP:BitComet 14261 UDP
    "8633:TCP"= 8633:TCP:BitComet 8633 TCP
    "8633:UDP"= 8633:UDP:BitComet 8633 UDP
    "3776:UDP"= 3776:UDP:Media Center Extender Service
    "3390:TCP"= 3390:TCP:Remote Media Center Experience
    .
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 7:19 PM 13592]
    S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [07/10/2006 6:43 PM 691696]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/11/2008 3:11 PM 8944]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17/11/2008 3:11 PM 55024]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [17/11/2009 1:43 PM 136360]
    S2 MOUTRAP;MOUTRAP;c:\windows\system32\drivers\Moutrp2k.sys [14/11/2001 12:44 PM 4868]
    S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [19/11/2006 1:28 AM 16512]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17/11/2008 3:11 PM 7408]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    QWAVE REG_MULTI_SZ QWAVE
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-02-22 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
    .
    2012-02-28 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 01:20]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=63&bd=PAVILION&pf=desktop
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=63&bd=PAVILION&pf=desktop
    mStart Page = hxxp://www.google.com
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=63&bd=PAVILION&pf=desktop
    uInternet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=4105
    uInternet Settings,ProxyOverride = *.local
    IE: &D&ownload &with BitComet - c:\program files\BitComet1.10\BitComet.exe/AddLink.htm
    IE: &D&ownload all video with BitComet - c:\program files\BitComet1.10\BitComet.exe/AddVideo.htm
    IE: &D&ownload all with BitComet - c:\program files\BitComet1.10\BitComet.exe/AddAllLink.htm
    IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
    IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
    IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
    IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
    IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
    Trusted Zone: trymedia.com
    TCP: DhcpNameServer = 10.0.1.1
    FF - ProfilePath - c:\documents and settings\Albert\Application Data\Mozilla\Firefox\Profiles\mcoaaum2.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Download Manager Tweak: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB} - %profile%\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
    FF - Ext: Smart Bookmarks Bar: smartbookmarksbar@remy.juteau - %profile%\extensions\smartbookmarksbar@remy.juteau
    FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-niEJngRwieOhYh.exe - c:\documents and settings\All Users\Application Data\niEJngRwieOhYh.exe
    AddRemove-FINAL FANTASY VIII - c:\program files\Eidos Interactive\Square Soft
    AddRemove-linksadoor_is1 - c:\documents and settings\George\Application Data\Mozilla\Firefox\Profiles\ktxq0dty.default\extensions\unins000.exe
    AddRemove-Malwarebytes' Anti-Malware_is1 - q:\anitvirus stuff\Malwarebytes' Anti-Malware\unins000.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-02-27 22:09
    Windows 5.1.2600 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(580)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    - - - - - - - > 'explorer.exe'(608)
    c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
    c:\windows\system32\l3codeca.acm
    .
    Completion time: 2012-02-27 22:26:14 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-02-28 04:26
    .
    Pre-Run: 9,794,449,408 bytes free
    Post-Run: 14,895,443,968 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
    .
    - - End Of File - - 2910284B05F9C151E55C9F43970014A0
     
  23. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Looks pretty good.

    Let's see if we can recover your missing features.
    Download and run UnHide.
    Let me know if it worked.

    Then we have one system file missing.

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    64-bit users go HERE
    • Double-click SystemLook.exe to run it.
    • Vista users: Right-click on SystemLook.exe, click Run As Administrator
    • Copy the content of the following box and paste it into the main textfield:
      Code:
      :filefind
      intelppm.sys
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
     
  24. signofzeta

    signofzeta TS Rookie Topic Starter Posts: 106

    unhide

    Unhide by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2012 BleepingComputer.com
    More Information about Unhide.exe can be found at this link:
    http://www.bleepingcomputer.com/forums/topic405109.html

    Program started at: 02/28/2012 12:15:14 AM
    Windows Version: Windows XP

    Please be patient while your files are made visible again.

    Processing the C:\ drive
    Finished processing the C:\ drive. 231863 files processed.

    Processing the D:\ drive
    Finished processing the D:\ drive. 17305 files processed.

    The C:\DOCUME~1\Albert\LOCALS~1\Temp\smtmp\ folder does not exist!!
    Unhide cannot restore your missing shortcuts!!
    Please see this topic in order to learn how to restore default
    Start Menu shortcuts: http://www.bleepingcomputer.com/forums/topic405109.html

    Searching for Windows Registry changes made by FakeHDD rogues.
    - Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    - Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
    * HideIcons policy was found and deleted!

    Program finished at: 02/28/2012 12:24:25 AM
    Execution time: 0 hours(s), 9 minute(s), and 11 seconds(s)
     
  25. signofzeta

    signofzeta TS Rookie Topic Starter Posts: 106

    systemlook

    SystemLook 30.07.11 by jpshortstuff
    Log created at 00:26 on 28/02/2012 by Albert
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "intelppm.sys"
    C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\intelppm.sys --a---- 36352 bytes [20:31 12/09/2008] [18:31 13/04/2008] 8C953733D8F36EB2133F5BB58808B66B

    -= EOF =-
     
